From 0b213883ed70b65e2e750a615c48e764afa9bd5c Mon Sep 17 00:00:00 2001 From: Matthew Scragg Date: Thu, 18 Sep 2014 10:42:32 -0500 Subject: [PATCH] Fix load token bug --- realms/modules/auth/models.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/realms/modules/auth/models.py b/realms/modules/auth/models.py index 727356c..7cde5a4 100644 --- a/realms/modules/auth/models.py +++ b/realms/modules/auth/models.py @@ -15,24 +15,24 @@ def load_user(user_id): @login_manager.token_loader def load_token(token): # Load unsafe because payload is needed for sig - sig_okay, payload = URLSafeSerializer(None).loads_unsafe(token) + sig_okay, payload = URLSafeSerializer(config.SECRET_KEY).loads_unsafe(token) if not payload: - return False + return None # User key *could* be stored in payload to avoid user lookup in db user = User.get_by_id(payload.get('id')) if not user: - return False + return None try: if User.signer(sha256(user.password).hexdigest()).loads(token): return user else: - return False + return None except BadSignature: - return False + return None class AnonUser(AnonymousUserMixin):